Top
image credit: Adobe Stock

Savvy cryptomining malware campaign targets Asian cloud service providers

February 7, 2022

Category:

Asian cloud service providers have been targeted by a sophisticated malware campaign designed to steal computing power for mining cryptocurrency. The attack techniques deployed by the CoinStomp malware include timestomping (modification of a file’s timestamp), removal of system cryptographic policies, and use of a reverse shell to initiate command and control communications with the malicious software.

“Timestomping has been used by the Rocke group in prior cryptojacking attacks,” Matt Muir, a researcher for Cado Security, wrote at the company’s website. “However, it’s not a technique commonly seen in the wild. Generally, this technique is employed as an anti-forensics measure to confuse investigators and foil remediation efforts.”

Read More on CSO Online